Operations Security INTELLIGENCE THREAT HANDBOOK

Section 6

OPEN SOURCE COLLECTION

Introduction

This section examines the threat posed by the growing availability of
information to U.S. adversaries through open sources. Open source
information is publicly available information appearing in print or
electronic form. It may be transmitted by radio, television, and
newspapers, or it may be distributed through commercial databases, images,
and drawings.[1] U.S. adversaries have always used open source collection
to some degree. The openness of U.S. society and the wealth of technical,
scientific, political, and economic information available through the
media provide U.S. adversaries with a windfall of intelligence.
Information has traditionally been extracted from technical journals,
trade magazines, congressional documents, government reports, periodicals,
newspapers, and legal documents. These traditional sources of information
remain available to adversaries and cannot be ignored. However, in the
past 10 years the amount of detailed, accurate, and timely information
available to the public and U.S. adversaries has expanded dramatically.[2]

Benefits of Open Source Information Collection

Using open source information as an intelligence source has a number of
benefits for adversary intelligence services. The information is
relatively cheap to obtain and makes up the greatest volume of information
accessible to an intelligence collector. Collecting open source materials
is legal in the majority of instances, and the collector is not subject
to the danger of prosecution for espionage. Frequently, it is possible to
derive sensitive information by aggregating and comparing data concerning
a particular activity or facility. The types of information that are
useful in such instances include technical journals, newspaper articles,
maps, photographs, budgetary documents, environmental declarations,
lawsuits, and advertisements requesting services or offering employment.
A distinct advantage of open source information is that it may be the most
timely and accurate information available. Finally, the combination of
open source data and classified material often provides a more complete
picture of a targeted activity than classified information would alone.
However, open source materials also have some disadvantages. For example,
an adversary may intentionally plant information in the media as part of
a deception program. Further, censorship in many countries may result in
the information of greatest interest not being released through open
sources. In the case of the United States these disadvantages do not
apply, and as a result open source is extremely valuable to U.S.
adversaries.[3]

The Changing Nature of Open Source Information

The advent of Cable News Network (CNN) and other near real-time
information services has increased the quantity, quality, and timeliness
of information available from open sources. Detailed information on the
activities of the United States Government, the military services, and
the private sector can be obtained from news services, television, online
databases, electronic bulletin board systems (BBS), and a wide range of
specialized publications available in full text from on-line services. The
ubiquity of this effort and the value that adversaries place on this type
of information are illustrated by the Persian Gulf War. Television crews
covered every aspect of the ground and air war in the Persian Gulf region.
After the war, it was revealed that the Iraqis used CNN coverage as a near
real-time intelligence system, which they used to obtain political and
military information. Since that time, it has been alleged that Iraq has
begun a program to train intelligence officers to gather information
through the Internet.[4]

Not only is desired information readily available, it is relatively
inexpensive to access, and in many cases has already had some level of
analysis performed by a news agency, bulletin board operator, government
body, or university. Issue-oriented groups on the Internet, hackers,
students, and hobbyists have taken an increased interest in many
classified or sensitive programs. In some cases, these groups have
performed fairly sophisticated analysis of these activities. Intelligence
can also be derived from commercial imagery products. Currently, the
Russian government is selling imagery with a ground resolution of two
meters. With the advent of a new generation of commercial imaging
satellites that will become operational within the next two years, imagery
products with one-meter resolution will become available. Foreign
intelligence services, terrorist groups, news services, and economic
competitors will all be able to gain access to this information.[5]

The threat posed by the growing availability of information is increased
by the availability of improved analytical work stations and software
tools on the commercial market. Expert systems are able to quickly examine
raw computerized data and extract information pertinent to established
search parameters. On-line search engines and other Internet tools allow
intelligence collectors and analysts to rapidly sort through massive
quantities of information and extract information pertinent to their area of
interest. In the area of imagery analysis, commercially available programs
provide national and subnational elements with the means to conduct
detailed analysis of digitized imagery. These capabilities will grow as
better technologies become available to the public.[6]

Traditional Open Source Assets

As discussed earlier in this section, open source information has been
exploited by many of the foreign intelligence agencies that have targeted
the United States. The former Soviet Union found open source intelligence
to be so lucrative that it established organizations within its
intelligence services and academic institutes dedicated to analyzing open
source data. The Soviet intelligence services used open source information
as a means to determine targets for clandestine intelligence operations.
For example, it is believed that the Soviets first became aware of the
Stealth fighter program and the signals intelligence satellite program by
exploiting open source information. They used the data derived through
this activity to target clandestine HUMINT and technical intelligence
collectors against these activities. The Soviets also saw open sources as
valuable for gathering information on political, military, scientific and
technical, and economic matters. Soviet collectors attended Congressional
hearings, examined major newspapers on a daily basis, extracted data from
the publications of academic and research organizations, and obtained
information from technical journals. The FBI estimated that up to 90
percent of the information obtained by the Soviets came from open
sources.[7] There are no indications that the Russian intelligence
services have changed the Soviet pattern of using open source information
for the production of intelligence.

Many other nations have dedicated significant efforts to collecting and
analyzing open source information. The Chinese have a large, dedicated
open source collection and analysis capability that operates under the
auspices of the New China News Agency (NCNA). The NCNA monitors over 40
foreign news agencies and 30 foreign broadcast facilities to provide
China's leaders with information on world political, economic, and
military trends. The Chinese government also uses six research institutes
to gather and analyze open source information and provide Chinese leaders
with assessments of areas of interest.[8] The German Federal Intelligence
Service (BND) also uses open source collection to gather information on
the United States. The BND is particularly active in collecting open
source information concerning economic, scientific, and technical subject
areas.[9] Another example of open source collection activities is provided
by Iraq. It is believed that most of the information required for the
development of the Iraqi weapons of mass destruction program was gathered
by exploiting open source materials. In particular, literature on nuclear
science and engineering, and information on chemical and biological
warfare agent production was collected.[10]

The Freedom of Information Act provides another important method for
collecting open source material. U.S. adversaries have used FOIA requests
to obtain information from government agencies that has provided valuable
intelligence on economic policy, insights into proprietary technologies,
and information concerning intelligence and military operations. This
information has also been used to identify classified activities.[11]

Electronic Databases

The number of electronic databases available to the public has grown
dramatically in the past few years and will likely continue to expand. The
information available through them has also expanded and includes a vast
quantity of data on political, technical, economic, and military topics
that would be valuable to an adversary. Foreign intelligence services have
realized the value of the databases and are exploiting them for
intelligence collection. There are substantial incentives to do so. For
example, the Soviet Union has long targeted the Department of Energy's
national laboratories because of their emphasis on the development of
advanced technologies, many of which have military applications. Virtually
all of these laboratories have Internet access, and many provide for
public access to research data. It is possible for an intelligence
collector to derive information from these laboratories, and associated
private and academic facilities that would permit significant insight into
U.S. technological efforts. It is interesting to note that the largest
users of these databases have been foreign corporations and
governments.[12]

A number of nations have engaged in gathering open source information
through electronic databases. The Russian Institute of Automated Systems
at Moscow State University hosts the National Center for Automated Data
Exchanges with Foreign Computer Networks and Data Banks (NCADE). NCADE was
subordinate to the KGB and is now believed to play a central role in SVR
computer intelligence collection activities. NCADE has direct access to
data networks in the United States, Canada, Germany, the United Kingdom,
and France, and is a client of several on-line databases. These databases
include: the U.S. Library of Congress; the LEXIS/NEXIS data service; the
U.S. National Technical Information Service; the British Library; and the
International Atomic Energy Agency. The Russians have also established
direct connection with Internet service providers such as COMPUSERVE,
TYMNET, and the European Union's EUNET.[13] During the Cold War, the
Bulgarian Security Service (DS) was a major client of Lockheed's Dialog
on-line database service. Dialog information was available to all hosts
connected to the Bulgarian packet switch network, BULPAC. These connected
hosts included DS computers, the computers of the Bulgarian military
intelligence organization, and the Bulgarian research and development
institutions.[14] The Chinese, Japanese, and South Koreans have been
particularly active in collecting open source economic and technical data
by exploiting electronic databases. The primary collectors of this
information have been commercial interests located in the United States,
and students attending universities in the U.S.[15]

Another threat that has grown in importance is electronic bulletin board
systems (BBS). Bulletin board systems, some of which track sensitive U.S.
Government activities or provide information on proprietary activities
performed by Government contractors, have grown rapidly on the Internet.
These systems consist of a host computer with one or more modem lines for
remote access. Most BBSs have two main areas: the remote file transfer
section and the message base. Traditionally these systems have been used
by hobbyists and hackers as a means of distributing information on topics
of interest to a particular group.[16] Many of the hobbyist BBSs have
engaged in the sophisticated analysis of classified U.S. Government
programs. Bulletin boards track space launches and speculate on the
capability of U.S. reconnaissance satellites. Other bulletin boards track
classified programs through the Congressional budget process and attempt
to publicize programs that are being managed under special access
provisions. Hacker bulletin board systems provide detailed information on
the vulnerability of telecommunications and computer systems. They also
often display data that has been stolen from computer systems that have
been compromised by the hacker group. It is believed that many of these
bulletin boards are actively monitored by intelligence activities who are
using these systems to gather sensitive information concerning U.S.
capabilities.[17]

Commercial Imagery

Another area of growing importance to OPSEC managers related to open
source collection is the increasing availability of imagery products to
anyone who has the money to pay for them. The U.S. Department of Commerce
estimates that the remote imaging market will exceed $2 billion by the
year 2000.[18] Available imagery products will include synthetic aperture
radar (SAR) images, electro-optical (EO) images, and multispectral imagery
(MSI) products. Each of these imagery product types provides information
that can be used for intelligence exploitation. Radar imagery applications
provide a day/night, all weather imagery capability, and they can
potentially be used for detection of submerged vessels or underground
facilities. Electro-optic imagery provides a digitized panchromatic
product that offers visible information at high spatial resolutions.
Essentially, EO imagery provides a black and white picture of the targeted
facility or area. Finally, MSI provides spectral range coverage, recording
energy in the visible, near infrared, short-wave infrared, and medium infrared
wavelengths of the spectrum of light. These systems have medium resolution
and wide area coverage capabilities. Their utility for targeting, mapping,
and regional monitoring was demonstrated by military intelligence
applications during the Persian Gulf War.[19] Proposed commercial EO
systems will have ground resolutions of approximately 1 meter. This is
sufficient in most cases for the precise identification of most types of
facilities and will provide significant detail for technical analysis.
Currently, ten commercial imaging satellites are being developed, and five
of these will provide 1-meter resolution imagery. The use of multiple
sensor systems, such as the use of EO, SAR, and MSI imagery to cross
reference a particular feature or facility, will allow change detection
analysis, layover analysis, and other sophisticated imagery assessments
to be performed by nations and groups that previously had no access to
these types of products.[20] This will present a significant threat to
OPSEC programs for sensitive activities.

Implications for OPSEC Managers

OPSEC was originally intended to manage indicators, many of which were
unclassified, that could allow an adversary to derive classified or
critical information. As a result, there is nothing particularly new in
considering open source information as a potential threat. Nor is there
any doubt that intelligence organizations have previously targeted open
source data for collection. What has changed is the amount of data that
can be accessed, and the ease with which it can be gathered and
categorized. As a result, small, relatively unsophisticated organizations
can develop a significant analysis capability for the price of a couple
of personal computers and Internet access. The ubiquity of information
will allow greater access to information by the entire range of U.S.
adversaries and will greatly increase the difficulty for OPSEC managers
in protecting critical information.